jpsuldo
1/16/2019 - 11:32 PM

malicious proxy detectiion

malicious proxy detectiion
content_copyfile_download
      location.replace('http://172.27.72.27/web/login?_bcsp=1&_bceq=U2FsdGVkX194X6Q0ZGdKJaWMqQyL8Liux9u9xaQCpCrMgxsfovZ2isWOOLaxZx1DALsbLnunMruZiqROtjFwTLb5c81eq4lBs5Ph8xQE-xy9r4XkpxAqBZcu6tPwvp84sl9Hv_Msjzx3-RXNBJYij3JhD-fr76fztgTLTh1xJrlHXUBUjTYcdHRDGYe1JLZzfsnVgfPhigczl7-rHJyu5U8cQwAxCb29hwqR8D7MYDnxa3ubNueeKEvGpSCLnFLREnrtX9yLSApQnRN5Zag1318Ek2huGNTty0MwRw36_D-rWlUSQx0QCIF5dn8DQObR2VDh5LDc8c-CIwYiYXjp-GUajbW3K19H7r3Sy_qn5NcsykSESi8YZ0CtTO4Y9178Kuf86NNPwNZokdlgAhk7u_qdUv8w16nIP3VYVWGG4_iDwdwBIMvMc9VI9Ti5iYZmlew0O-hvmFWs4YIvmFkjsWR-V2aRiGQiJ9DkqYGjL8DnQupAdVSDHl2yabNbJ9WkqO3Ojkxwjw3i_-ZPhcQWX2Djb1VHLeZGcV-IWoqFddmJRpxPTcr03gIzDrcthq_O2If92DMDzEPE6rtIfn7oFTYpU3N_1FZXPMTI8qkCDX3FRW0s2Oqgzj3HHOE6tiaqKhqJLZ10dIEt29FzSFRMH90xBQ9OcvPCM7mS_jDPdxxGbF-sjP-HtUOVk5NjE8NhbZ1iqXiFZDf65xGgEWWtUA..');

[-] Malicious proxy found at 165.139.149.169:3128

+         document.location = 'http://172.27.72.27/web/login?_bcsp=1&_bceq=U2FsdGVkX194X6Q0ZGdKJaWMqQyL8Liux9u9xaQCpCrMgxsfovZ2isWOOLaxZx1DALsbLnunMruZiqROtjFwTLb5c81eq4lBs5Ph8xQE-xy9r4XkpxAqBZcu6tPwvp84sl9Hv_Msjzx3-RXNBJYij3JhD-fr76fztgTLTh1xJrlHXUBUjTYcdHRDGYe1JLZzfsnVgfPhigczl7-rHJyu5U8cQwAxCb29hwqR8D7MYDnxa3ubNueeKEvGpSCLnFLREnrtX9yLSApQnRN5Zag1318Ek2huGNTty0MwRw36_D-rWlUSQx0QCIF5dn8DQObR2VDh5LDc8c-CIwYiYXjp-GUajbW3K19H7r3Sy_qn5NcsykSESi8YZ0CtTO4Y9178Kuf86NNPwNZokdlgAhk7u_qdUv8w16nIP3VYVWGG4_iDwdwBIMvMc9VI9Ti5iYZmlew0O-hvmFWs4YIvmFkjsWR-V2aRiGQiJ9DkqYGjL8DnQupAdVSDHl2yabNbJ9WkqO3Ojkxwjw3i_-ZPhcQWX2Djb1VHLeZGcV-IWoqFddmJRpxPTcr03gIzDrcthq_O2If92DMDzEPE6rtIfn7oFTYpU3N_1FZXPMTI8qkCDX3FRW0s2Oqgzj3HHOE6tiaqKhqJLZ10dIEt29FzSFRMH90xBQ9OcvPCM7mS_jDPdxxGbF-sjP-HtUOVk5NjE8NhbZ1iqXiFZDf65xGgEWWtUA..';

[-] Malicious proxy found at 165.139.149.169:3128

+       document.write('<div style="border: 1px dotted red; padding: 2px; font-family: sans; font-size: 12px; color: black; background-color: white">This portion of the requested page has been blocked.<br /><a target="_top" href="http://172.27.72.27/web/login?_bcsp=1&amp;_bceq=U2FsdGVkX194X6Q0ZGdKJaWMqQyL8Liux9u9xaQCpCrMgxsfovZ2isWOOLaxZx1DALsbLnunMruZiqROtjFwTLb5c81eq4lBs5Ph8xQE-xy9r4XkpxAqBZcu6tPwvp84sl9Hv_Msjzx3-RXNBJYij3JhD-fr76fztgTLTh1xJrlHXUBUjTYcdHRDGYe1JLZzfsnVgfPhigczl7-rHJyu5U8cQwAxCb29hwqR8D7MYDnxa3ubNueeKEvGpSCLnFLREnrtX9yLSApQnRN5Zag1318Ek2huGNTty0MwRw36_D-rWlUSQx0QCIF5dn8DQObR2VDh5LDc8c-CIwYiYXjp-GUajbW3K19H7r3Sy_qn5NcsykSESi8YZ0CtTO4Y9178Kuf86NNPwNZokdlgAhk7u_qdUv8w16nIP3VYVWGG4_iDwdwBIMvMc9VI9Ti5iYZmlew0O-hvmFWs4YIvmFkjsWR-V2aRiGQiJ9DkqYGjL8DnQupAdVSDHl2yabNbJ9WkqO3Ojkxwjw3i_-ZPhcQWX2Djb1VHLeZGcV-IWoqFddmJRpxPTcr03gIzDrcthq_O2If92DMDzEPE6rtIfn7oFTYpU3N_1FZXPMTI8qkCDX3FRW0s2Oqgzj3HHOE6tiaqKhqJLZ10dIEt29FzSFRMH90xBQ9OcvPCM7mS_jDPdxxGbF-sjP-HtUOVk5NjE8NhbZ1iqXiFZDf65xGgEWWtUA..">Click here for details.</a></div>');

[-] Malicious proxy found at 165.139.149.169:3128

+ </script><noscript><p>JavaScript has been disabled in your browser.</p> <p><a href="http://172.27.72.27/web/login?_bcsp=1&amp;_bceq=U2FsdGVkX194X6Q0ZGdKJaWMqQyL8Liux9u9xaQCpCrMgxsfovZ2isWOOLaxZx1DALsbLnunMruZiqROtjFwTLb5c81eq4lBs5Ph8xQE-xy9r4XkpxAqBZcu6tPwvp84sl9Hv_Msjzx3-RXNBJYij3JhD-fr76fztgTLTh1xJrlHXUBUjTYcdHRDGYe1JLZzfsnVgfPhigczl7-rHJyu5U8cQwAxCb29hwqR8D7MYDnxa3ubNueeKEvGpSCLnFLREnrtX9yLSApQnRN5Zag1318Ek2huGNTty0MwRw36_D-rWlUSQx0QCIF5dn8DQObR2VDh5LDc8c-CIwYiYXjp-GUajbW3K19H7r3Sy_qn5NcsykSESi8YZ0CtTO4Y9178Kuf86NNPwNZokdlgAhk7u_qdUv8w16nIP3VYVWGG4_iDwdwBIMvMc9VI9Ti5iYZmlew0O-hvmFWs4YIvmFkjsWR-V2aRiGQiJ9DkqYGjL8DnQupAdVSDHl2yabNbJ9WkqO3Ojkxwjw3i_-ZPhcQWX2Djb1VHLeZGcV-IWoqFddmJRpxPTcr03gIzDrcthq_O2If92DMDzEPE6rtIfn7oFTYpU3N_1FZXPMTI8qkCDX3FRW0s2Oqgzj3HHOE6tiaqKhqJLZ10dIEt29FzSFRMH90xBQ9OcvPCM7mS_jDPdxxGbF-sjP-HtUOVk5NjE8NhbZ1iqXiFZDf65xGgEWWtUA..">Proceed to detail/login page</a></p></noscript>


Process finished with exit code 0